Professional Documents
Culture Documents
Carrier SBCs
SP Network
Enterprise Network
IP PBX
FW
Intranet
Carrier SBC
Carrier SBC
11/26/2012
Enterprise SBC
Mobile Users,
Telecommuters
Enterprise Network
IP PBX
DMZ
Internal
FW
Avaya External
SBCE FW/NAT
Intranet
Avaya SBCE
Encryption
TLS proxy
SRTP proxy
Enablement
FW / NAT traversal
Call admission control
Signaling and media firewall
2012
2012 Avaya,
Avaya Inc.
Inc. All
All rights
Rightsreserved.
Reserved.
SRTP/
RTP
Remote Worker
Internet
SIP Trunking
Security
Floods and fuzzing prevention
Spoofing prevention (fingerprint verification)
Media anomaly prevention
Stealth attack prevention
Tollfraud Prevention
Anti-spam
Whitelist/Blacklist
Behavior learning
06/01/2012
Enterprise
Internet
DMZ
Firewall
Firewall
Avaya
SBCE
SIP Trunks
Carrier
Carrier SIP trunks to the Avaya Session Border Controller for Enterprise
Avaya SBCE is located in a DMZ behind the Enterprise firewall
Services: security and demarcation device between the IP-PBX and the Carrier
NAT traversal,
Securely anchors signaling and media, and can
Normalize SIP protocol
2012 Avaya Inc. All rights reserved.
NAT Traversal
SBC External IP
Address
192.168.45.4
IP PBX
Enterprise
FW IP Address
96.54.23.10
Internet or Provider
Network
Stealth DoS/DDoS
Call Walking
Toll Fraud
Phone DoS/DDoS
10
Internet
DMZ
Firewall
Firewall
Avaya
SBCE
Remote Workers
11
VPNless Endpoint
Call Servers
For SIP Trunking, an accepted architecture is:
Call Server + SBC
Call Server + SM + SBC
CM 5.2.1
IPO 8.x
SM must be 6.x
For SIP Trunking if these basic requirements are not met there is no opportunity
with this customer UNTIL these elements are there.
13
CS1K R7.5
R4.0.5/R6.2
R4.0.5/R6.2
R4.0.5/R6.2
IPO R8.0
R4.0.5/R6.2
NA
NA
CM R5.2.1
R4.0.5/R6.2
R4.0.5/R6.2
R4.0.5/R6.2
R4.0.5/R6.2
R4.0.5/R6.2
NA
CM R6.2
R4.0.5/R6.2
R4.0.5/R6.2
R4.0.5/R6.2
CM 6.0.1
SM 6.2
Supported - Tested
NA Not Supproted or Tested.
2012 Avaya Inc. All rights reserved.
14
IPO 8.x
ONLY supports SIP Trunking
ONLY certified with AT&T at the moment
A generic app note is in the works to accommodate
additional carriers
15
Colt
Etisalat
Fastweb SPA
Frontier
Gamma
IntelePeer
KPN
Level 3
MTSAllStream
PAETEC
Phonect
QSC
Sprint
Swisscom
Tele2
Telefonica del Peru
Telenor
Teliasonera
TELUS
T-Mobile NL
UPC
Vamoin1/KPN
Verizon Business
Virgin Media
Vodafone DE
Vodafone NL
VoicePulse
Windstream
Worldnet P. Rico
XO
17
18
19
Authenticated
Endpoints
Enterprise
Remote
Giving you
Full Features
Enterprise DMZ
Firewalls
Intranet
Encrypted
Sessions
Internet
Avaya SBCAE
Security
UC Policy, Access control, & Authentication
Privacy (encryption) with TLS, SRTP
UC Threat protection
Comprehensive Services
Directory, Web applications, Login profiles
Remote Management
Configuration management,
Certificate, PKI management
21
Max Capacity
With Encrypt
HA
2000
1000
SA
2000
1000
SA
500
250
Portwell CAD-0208
Rules of Thumb
SIP trunking usually 5 users per SS
Must account for higher ratio in small
Remote Worker must consider both
On-net and off-net requirements
Remember, in Dell configs, Encryption
Services impact capacity
2012 Avaya Inc. All rights reserved.
A simultaneous session = a
communication session
between 2 SIP endpoints
Can think of it as analogous
to a DSO in the old world
Key for engineering is to
understand the numbers of
sessions required in the
solution
22